
Book Review: Social Engineering: The Art of Human Hacking

samzenpus posted more than 3 years ago | from the read-all-about-it dept.

Security 114

brothke writes "One can sum up all of Social Engineering: The Art of Human Hacking in two sentences from page 297, where author Christopher Hadnagy writes 'tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable.' Far too many people think that information security and data protection is simply about running tools, without understanding how to use them. In this tremendous book, Hadnagy shows how crucial the human element is within information security." Keep reading for the rest of Ben's review.

With that, Social Engineering: The Art of Human Hacking is a fascinating and engrossing book on an important topic. The author takes the reader on a vast journey of the many aspects of social engineering. Since social engineering is such a people-oriented topic, a large part of the book is dedicated to sociological and psychological topics. This is an important area, as far too many technology books focus on the hardware and software elements, completely ignoring the people element. The social engineer can then use that gap to their advantage.

By the time that you start chapter 2 on page 23, it is abundantly clear that the author knows what he is talking about. This is in stark contrast with How To Become The Worlds No. 1 Hacker, where that author uses plagiarism to try to weave a tale of being the world’s greatest security expert. Here, Hadnagy uses his real knowledge and experience to take the reader on a long and engaging ride on the subject. Coming in at 9 chapters and 360 pages, the author brings an encyclopedic knowledge and dishes it out in every chapter.

Two of the most popular books to date on social engineering have been Kevin Mitnick’s The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers. The difference between those books and Hadnagy's is that Mitnick for the most part details the events and stories around the attacks, while Hadnagy details the myriad specifics on how to carry out the social engineering attack.

The book digs deep and details how the social engineer needs to use a formal context for the attack, and breaks down the specific details and line-items on how to execute on that. That approach is much more suited to performing social engineering, than simply reading about social engineering.

Chapter 1 goes through the necessary introduction to the topic, with chapter 2 detailing the various aspects of information gathering. Once I started reading, it was hard to put the book down.

Social engineering is often misportrayed as the art of asking a question or two and then gaining root access. In chapter 3 on elicitation, the author details the reality of the requirements on how to carefully and cautiously elicit information from the target. Elicitation is not something for the social engineer alone; even the US Department of Homeland Security has a pamphlet (PDF) that is uses to assist agents with elicitation.

After elicitation, chapter 4 details the art of pretexting, which is when an attacker creates an invented scenario to use to extract information from the victim.

Chapter 5 on mind tricks starts getting into the psychological element of social engineering. The author details topics such as micro expressions, modes of thinking, interrogation, neuro-linguistic programming and more.

Chapter 6 is on influence and the power of persuasion. The author notes that people are trained from a young age in nearly every culture to listen to and respect authority. When the social engineer takes on that role, it becomes a most powerful tool; far more powerful than any script or piece of software.

The author wisely waits until chapter 7 to discuss software tools used during a social engineering engagement. One of the author’s favorite and most powerful tools is Maltego, which is an open source intelligence and forensics application. While the author concludes that it is the human element that is the most powerful, and that a great tool in the hand of a novice is worthless, the other side is that good tools (of which the author lists many), in the hands of an experienced social engineer, are an extremely powerful and often overwhelming combination.

Every chapter in the book is superb, but chapter 9 – Prevention and Mitigation stands out. After spending 338 pages about how to use social engineering, chapter 9 details the steps a firm must put in place to ensure they do not become a victim of a social engineering attack. The chapter lists the following six steps that must be executed upon:

Learning to identify social engineering attacks

Creating a personal security awareness program

Creating awareness of the value of the information that is being sought by social engineers

Keeping software updated

Developing scripts

Learning from social engineering audits

The author astutely notes that security awareness is not about 45- or 90-minute programs that only occur annually; rather it is about creating a culture and set of information security standards that each person in the organization is committed to using their entire life. This is definitely not a small undertaking. Firms must create awareness and security engineering programs to deal with the above six items. If they do not, they are then placing themselves at significant risk of being unable to effectively deal with social network attacks.

As to awareness, if nothing else, Social Engineering: The Art of Human Hacking demonstrates the importance of ensuring that social engineering is an integral part of an information security awareness program. This can’t be underemphasized as even the definitive book on security awareness Managing an Information Security and Privacy Awareness and Training Program only has about 10 pages on social engineering attacks.

There are plenty of security books on hardware, software, certification and more. Those were perhaps the easy ones to write. Until now, very few have dealt with the human element, and the costs associated with ignoring that have been devastating. Social Engineering: The Art of Human Hacking is a book that is a long time in coming, but worth every page.

While seemingly geared to the information security staff, this is a book that should be read by everyone, whether they are in technology or not. Social engineering is not something that just occurs behind a keyboard. Social attackers know that. It is about time everyone else did also.

Reviewer Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know

You can purchase Social Engineering: The Art of Human Hacking from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


114 comments


I see that you're a social engineer. (1)

Anonymous Coward | more than 3 years ago | (#35434614)

I'm pretty social engineer myself.

babys+just folks outnumber mutants 10,000,000:1 (-1)

Anonymous Coward | more than 3 years ago | (#35434696)

let's take a vote then? what should be voted on? the 'proper' direction of our required depopulation? maybe we should, just for now, schedule hearings & a vote (plus we'll have to be told our 'choices' in the most appealing language available), to schedule a vote, sometime in the future, when our sentiments are made clear to us, & we understand how our freedom is to be administered for us, so we don't get goofy, & think we can do whatever we think is good for us/our fellows without supervision, & society enhancing tithing??

Social Engineering (1)

Anonymous Coward | more than 3 years ago | (#35434700)

Buy my book.

Re:Social Engineering (1)

kalirion (728907) | more than 3 years ago | (#35435676)

I don't think that actually works [youtube.com] ...

The Human Factor (5, Funny)

prakslash (681585) | more than 3 years ago | (#35434718)

Agree with the author completely. In order to eliminate the vulnerabilities arising out of the human factor, we have instituted the following password guidelines:

Password Security Guidelines V2.2b

Due to new security policies, the following guidelines have been issued to assist in choosing new passwords. Please follow them closely.

Passwords must conform to at least 12 of the following attributes.
1. Minimum length 12 characters.
2. Must contain both upper and lower case characters as well as at least 2 numbers.
3. Not in any dictionary.
4. No word or phrase bearing any connection to the holder.
5. Containing no characters in the ASCII character set.
6. Must be quantum theoretically secure, i.e. must automatically change if observed (to protect against net sniffing).
7. Binary representation must not contain any of the sequences 00 01 10 11, commonly known about in hacker circles.
8. Changed prior to every use.
9. Contain tissue samples of at least 3 vital organs.
10. Undecodable by virtue of application of 0-way hash function.
11. Contain non-linear random S-boxes (without a backdoor).

It works! We haven't had any login attempts into our systems - legitimate or otherwise.

Re:The Human Factor (0)

Anonymous Coward | more than 3 years ago | (#35434784)

good point but passwords are just one small aspect of it all.

Re:The Human Factor (-1)

Anonymous Coward | more than 3 years ago | (#35434810)

Believable up to #5

Re:The Human Factor (1)

WilCompute (1155437) | more than 3 years ago | (#35436602)

Ever hear tell of that newfangled thing called utf 8?

Re:The Human Factor (0)

Anonymous Coward | more than 3 years ago | (#35441618)

*WOOOOOOSH*

Re:The Human Factor (0)

Anonymous Coward | more than 3 years ago | (#35434854)

All our passwords are "encrypted" as our policy states. Therefore, we are fine.

Re:The Human Factor (2)

bastion_xx (233612) | more than 3 years ago | (#35434912)

I'm surprised you got an "interesting" score instead of "funny". Love the conformation to 12 of 11 attributes too . :)

Re:The Human Factor (1)

bknabe (1910854) | more than 3 years ago | (#35435180)

All you're missing is, "divisible by the square root of the number of hydrogen atoms extant immediately after the Big Bang," (and requiring at least 13 of the attributes) and everything's covered.

Re:The Human Factor (1)

re_organeyes (1170849) | more than 3 years ago | (#35436374)

Good job!

  I would add, "And your password will not be visible when you create it, so make sure you type it correctly."

Re:The Human Factor (1)

tehcyder (746570) | more than 3 years ago | (#35441704)

And no wussy typing a second time to check that it's correct either.

Re:The Human Factor (1)

Exclamation mark! (1961328) | more than 3 years ago | (#35438054)

This is not funny! Our password policy at work is not far from this!

Re:The Human Factor (0)

Anonymous Coward | more than 3 years ago | (#35442342)

No login attempts? Did you connect your systems to the Internet?

The word you are looking for is... (1, Insightful)

John Hasler (414242) | more than 3 years ago | (#35434720)

..."swindling". It is not new.

Re:The word you are looking for is... (2)

lessthan (977374) | more than 3 years ago | (#35438116)

Exactly! I love this marketing hype about the new boogie man "social engineering." It is called a swindle or a con and has been around as long as humans have been able to lie.

Re:The word you are looking for is... (1)

gl4ss (559668) | more than 3 years ago | (#35439918)

yeah.. social engineering is actually quite easy, if you know the end result that you'd like to happen.

anyways the books title is so generated that I'll skip it. simpsons can cover that.

Second! (0)

Anonymous Coward | more than 3 years ago | (#35434724)

Second!

halfway through this book (2)

nopainogain (1091795) | more than 3 years ago | (#35434758)

It seems like a rehash of every security book to come before it. I feel like i'm practically lip-syncing Kevin Mitnick's book "the art of deception".

Mitnick (1)

ItsPaPPy (1182035) | more than 3 years ago | (#35434774)

If Kevin Mitnick didn't write this book, then I am not reading it.

Re:Mitnick (2)

nopainogain (1091795) | more than 3 years ago | (#35434866)

he didnt officially write it but his words were plagurized all over it.

Re:Mitnick (2)

DeniseResoux (2012610) | more than 3 years ago | (#35434920)

them be fighten words!!! u really think this guy plagiarized mitnick? how do you know?

Re:Mitnick (1)

nopainogain (1091795) | more than 3 years ago | (#35434964)

uhm, because I've read all Mitnick's books twice or more times each.

Re:Mitnick (1)

DeniseResoux (2012610) | more than 3 years ago | (#35434984)

and you read this book? so how much is copied? the review here makes it seem like this has the details mitnicks book did not have.

Re:Mitnick (2)

nopainogain (1091795) | more than 3 years ago | (#35435052)

The operative term in your statement being "seem like". I could paraphrase any book in the library. When you read sequential chapters with subjects that follow sequence right down to the sentence, it becomes more visible. Not everyone reads with comprehension. His references (if we stretched to call them that) are as obvious as an NBA star in a room full of dwarves. It's clear he's paraphrasing Mitnick from start to at least the middle where I stopped.

Re:Mitnick (1)

DeniseResoux (2012610) | more than 3 years ago | (#35435156)

the new book mentions maltego, which was not even around when mitnick was hacking....

Re:Mitnick (1)

DeniseResoux (2012610) | more than 3 years ago | (#35436008)

i double checked....there is no plagiarism there may be fair use...but i think your comment and accusation really crossed the line. what u got against the author of this book?

Re:Mitnick (1)

nopainogain (1091795) | more than 3 years ago | (#35438218)

I dont have anything against the book per se. it contains valid accurate useful info---------that i have only seen 100x before.

Re:Mitnick (1)

DeniseResoux (2012610) | more than 3 years ago | (#35439188)

100X.....come on.... who ya kiddin!?

Re:Mitnick (0)

Anonymous Coward | more than 3 years ago | (#35437086)

First, learn to spell plagiarize.
Next, show some façade of veracity by showing the most infinitesimal aspect of proof, before you make such a silly comment.

Re:Mitnick (1)

treeves (963993) | more than 3 years ago | (#35438342)

Oooo-oh! Mr. Fancy AC, all high and mighty with his fancy little cedilla in his 'facade'!
Aren't we something special!

And a "facade of veracity" strikes me as oxymoronic, given that veracity means truth, and facade (in this context, not referring to buildings) means false or superficial.

Re:Mitnick (1)

DeniseResoux (2012610) | more than 3 years ago | (#35439238)

ok, u made yer point....now show him some proof of the copying from Mitnick.....

Re:Mitnick (1)

tehcyder (746570) | more than 3 years ago | (#35441728)

Oooo-oh! Mr. Fancy AC, all high and mighty with his fancy little cedilla in his 'facade'! Aren't we something special!

And a "facade of veracity" strikes me as oxymoronic, given that veracity means truth, and facade (in this context, not referring to buildings) means false or superficial.

He deliberately used "facade of veracity" to emphasise that there is not even the slightest attempt at veracity by the OP (i.e. even a sham truth would be more than OP presented, which was nothing).

Re:Mitnick (1)

nopainogain (1091795) | more than 3 years ago | (#35438426)

you could view my misspelling as an avoidance of plagiarizing the previous uses of the word. Brought to you by the department of non-entertaining-irony.

Re:Mitnick (1)

DeniseResoux (2012610) | more than 3 years ago | (#35439274)

no way!!! it is not avoidance of plagiarizing, rather of avoidance of the issue. run away from the facts..see what i care.

Re:Mitnick (1)

nopainogain (1091795) | more than 3 years ago | (#35441466)

ok, it sounds like you are defending this book harder than I was criticizing it. Do we have a fiscal stake in its success? I could care less or more (no i don't mean couldn't care less). I just posted that it smelled like a meal I'd already eaten. I'll be reading a different book next month and won't care. It strikes me that you will be in another open forum defending this one.

Re:Mitnick (1)

tehcyder (746570) | more than 3 years ago | (#35441750)

I could care less or more (no i don't mean couldn't care less)

That is not an accepted English phrase, not least because it is meaningless.

Re:Mitnick (1)

nopainogain (1091795) | more than 3 years ago | (#35442218)

let's not get lost in semantics.

Re:Mitnick (1)

snowraver1 (1052510) | more than 3 years ago | (#35435078)

I have this book at home and have read about 3/4 of it. It's a great book and I too agree that this is a great read for anyone. When I am done I'll be passing this book on to my friends and my dad.

Mitnick didn't write the book, no, but I think that he did the foreword. The tone and writing style of the book is interesting and will make you think. I think I paid ~30.00 for this book, Including the Canadian Tax, and I feel I got great value from it.

I approve of this book

Re:Mitnick (1)

tehcyder (746570) | more than 3 years ago | (#35442622)

When I am done I'll be passing this book on to my friends and my dad.

I'm pretty sure that's now illegal everywhere except Russia.

Kevin Mitnick ripoff? (1, Interesting)

Anonymous Coward | more than 3 years ago | (#35434790)

Didn't Mitnick do this 8 years ago with Art of Deception. Even the title is sort of stolen. Is there anything new in here that hasn't already been written about by one of the world's greatest social engineers?

Re:Kevin Mitnick ripoff? (0)

Anonymous Coward | more than 3 years ago | (#35435582)

Kevin, is that you?

Re:Kevin Mitnick ripoff? (1)

DeniseResoux (2012610) | more than 3 years ago | (#35435864)

What's next...Chris, I am your father :)

Re:Kevin Mitnick ripoff? (5, Informative)

nitsew (991812) | more than 3 years ago | (#35435594)

Didn't Mitnick do this 8 years ago with Art of Deception. Even the title is sort of stolen. Is there anything new in here that hasn't already been written about by one of the world's greatest social engineers?

If you look closely at the front of the book, you will see a recommendation by Mitnick. Also, if you read the review, it explains how this is different from Mitnick's book.

"Two of the most popular books to date on social engineering to date have been Kevin Mitnick’s The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers. The difference between those books and Hadnagy, is that Mitnick for the most part details the events and stories around the attacks; while Hadnagy details the myriad specifics on how to carry out the social engineering attack. "

But, thanks for playing!

Re:Kevin Mitnick ripoff? (0)

Anonymous Coward | more than 3 years ago | (#35435634)

Yes.

Re:Kevin Mitnick ripoff? (0)

Anonymous Coward | more than 3 years ago | (#35436796)

I was thinking the exact same thing after reading the first line or two of the summary. Really this appears to be the same thing. Mitnick's book is good and the followup was pretty good but very similar.

Social firewall (3, Funny)

vawwyakr (1992390) | more than 3 years ago | (#35434812)

Good thing I always have my social firewall up....of course this mostly means not looking at anyone and mumbling and running away whenever someone talks to me.

Re:Social firewall (1)

BigJClark (1226554) | more than 3 years ago | (#35437422)


Hello Mr V. Awwyakr,

My name is Paul and I'm posting on behalf of Slashdot security team. We are performing a random security audit on your account. If you could provide me with your username and password, then we can conclude this test and move on.

Thanks,
Paul
SlashdotSecurity Team

tools = people? (3, Funny)

skids (119237) | more than 3 years ago | (#35434834)

A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable

Was this just a polite way to say "most people are total tools?"

Re:tools = people? (1)

f1vlad (1253784) | more than 3 years ago | (#35435006)

Essentially that is so.

Re:tools = people? (0)

Anonymous Coward | more than 3 years ago | (#35435888)

Leverage? [xkcd.com]

Re:tools = people? (1)

nametaken (610866) | more than 3 years ago | (#35436446)

Negative. The reviewer is actually the master of Social Engineering, and has intentionally aroused the suspicions of /.'rs to prevent anyone from reading the contents therein.

Is this review... (1, Interesting)

MrEricSir (398214) | more than 3 years ago | (#35434842)

...a social engineering scheme to make people buy the book?

Re:Is this review... (1)

Abstrackt (609015) | more than 3 years ago | (#35434890)

Send me $5 and I'll tell you.

Re:Is this review... (0)

Anonymous Coward | more than 3 years ago | (#35435444)

I'm sorry, but I have patented this method of disclosure. Please send $1 to Patent Dude, KL5-3226.

Mix of Dale Carnegie and Software (0)

DeAngeloLampkin (1993582) | more than 3 years ago | (#35434884)

Maybe with a dash of amoral, depending on what's being done.
I am curious as to what the reviewer means by "social network" attacks though. (New term for me)

-DeAngelo
CheerThis [cheerthis.com] -hassle free sharing with NO login and infinite voting
SheenNation [sheennation.com] - hassle free sharing Sheen! (no login and infinite voting)
Braincano [braincano.com]

Re:Mix of Dale Carnegie and Software (1)

snowraver1 (1052510) | more than 3 years ago | (#35435598)

A social network attack would be googling your user name, finding that the first result is for your Facebook profile and second is for your LinkedIn profile. Scraping that information (possibly by becoming your "friend") and then using it to answer "Super Secret" password recovery questions so I can reset your password to whatever I want.

Re:Mix of Dale Carnegie and Software (0)

DeAngeloLampkin (1993582) | more than 3 years ago | (#35435672)

Aaah, I see. Thanks for the clarification!

-DeAngelo
CheerThis [cheerthis.com] -hassle free sharing with NO login and infinite voting
SheenNation [sheennation.com] - hassle free sharing Sheen! (no login and infinite voting)
Braincano [braincano.com]

nails all chewed off, still not getting ahead? (-1)

Anonymous Coward | more than 3 years ago | (#35435016)

there's a book for that too. better yet, consider joining us at any of the scheduled million baby+ play-dates, consciousness arisings, georgia stone editing(s), & a host of other life promoting events. be there or be scared.

Obligatory (0)

Anonymous Coward | more than 3 years ago | (#35435048)

Yo Mr Engineer, I'm really happy for you, and imma let you finish, but Surgeons are the best human hackers evar.

Re:Obligatory (1)

Culture20 (968837) | more than 3 years ago | (#35436058)

Yo Mr Engineer, I'm really happy for you, and imma let you finish, but Surgeons are the best human hackers evar.

This. I'm fine with "hacking" meaning "to bypass computer security" instead of replacing hardware or coding, but "hacking" when referring to humans has a long history. Not quite surgeon level, but there are always sharp tools involved. "Social Engineering" is good enough.

Re:Obligatory (1)

wiedzmin (1269816) | more than 3 years ago | (#35437048)

'Hacking' refers to modifying something to function in ways not facilitated by the designer. Surgeons don't hack, they fix. P.S. Except for plastic surgeons, specifically the sex change ones. Those are really hacky indeed.

Re:Obligatory (1)

flaming error (1041742) | more than 3 years ago | (#35438296)

I think "sex change" qualifies as "modifying something to function in ways not facilitated by the designer."

Unless, of course, there is an Intelligent Designer who facilitates sex changes. It could happen.

Re:Obligatory (1)

mcvos (645701) | more than 3 years ago | (#35442234)

'Hacking' refers to modifying something to function in ways not facilitated by the designer. Surgeons don't hack, they fix.

There's overlap between hacking and fixing. Removing an appendix is clearly a modification of the original design. A tiny one, but still. The stomach reduction thing to help people lose weight also definitely sounds a bit like a hack. And what about artificial hearts and other implants that fix/replace/improve functionality?

Of course that's still mostly trying to restore/fix functionality that the body once had or should have had (I'm suddenly thinking about the hacks to restore OtherOS on the PS3), whereas stuff like the body modification scene or people implanting chips and sensors in their body are quite a bit more dramatic. Or maybe prosthetics that are superior in some ways to natural ability (like the cheetah prosthetic legs).

Leverage and utilize? (0)

Tony (765) | more than 3 years ago | (#35435100)

A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable.

Wow! Two content-less marketing terms in one sentence. But they look so sad and lonely without "synergy" there beside them.

Re:Leverage and utilize? (1)

Anonymous Coward | more than 3 years ago | (#35435420)

What are you talking about? This statement makes perfect sense and is meaningful. For example: you can give a student a calculator and then compute sines and cosines; but do they know what they're doing? Do they know if the numbers make any sense? OR, if you're given a paint brush and the finest paints; if you have no skills or knowledge, will your work be any good?

Re:Leverage and utilize? (1)

DeniseResoux (2012610) | more than 3 years ago | (#35436130)

what is the problem w/ that comment?

Re:Leverage and utilize? (1)

wiedzmin (1269816) | more than 3 years ago | (#35437058)

A tool alone is useless; without synergy with the knowledge of how to leverage and utilize that tool. Cloud computing.

Re:Leverage and utilize? (1)

Onymous Coward (97719) | more than 3 years ago | (#35437270)

A tool alone is useless; but the knowledge of how to use that tool is invaluable.

Happy?

"A tool alone is useless; but the knowledge of how to use that tool is ... um, also useless without the tool itself. So what I'm saying is that together the tool and the knowledge of how to use the tool are ... great. Doesn't really make a pithy quote, though."

Okay, how about:

A tool alone is useless; you must know how to wield it.

Re:Leverage and utilize? (1)

LemurOfDoom (1578983) | more than 3 years ago | (#35437570)

This is the very first thing I thought upon reading the summary. OP couldn't have chosen a better sentence to make me avoid this book.

Re:Leverage and utilize? (0)

DeniseResoux (2012610) | more than 3 years ago | (#35441458)

Why don't u focus on the review, the concept, the issue, et al, and not get caught up in the most minor parts of the review.

This book caused me to get a Nook! (1)

turbogizzmo (1715030) | more than 3 years ago | (#35435668)

So I was picking out some books to read (pleasure and reference) and this one caught my eye....tech books are so expensive that the stack I had picked out cost more than a Nook. Made a deal with the Nook dude to sell me one with a gift card and got the Nook and most of the books I picked out digitally for almost same price. Random comment I know but this is the book that caused it, I haven't finished it yet but I give a +1 to this review, very well written so far.

Another source (0)

cjonslashdot (904508) | more than 3 years ago | (#35435970)

Those interested in social engineering might also want to read chapter 5 of my book High-Assurance Design (website at http://www.assuredbydesign.com/haa/ [assuredbydesign.com] ). It contains a complete taxonomy of social engineering techniques and compares them to commonly known "con schemes" (e.g., "pigeon drop", "Spanish prisoner", "pump-and-dump"....) Chapter 5 happens to be available as a complementary download here: http://www.assuredbydesign.com/haa/chs/Berg_ch05.pdf [assuredbydesign.com]

Re:Another source (2)

DeniseResoux (2012610) | more than 3 years ago | (#35436072)

cool. wild that it is $60 new from amazon and 1 cent used from others....

Re:Another source (1)

cjonslashdot (904508) | more than 3 years ago | (#35436192)

The book was not promoted very well by Addison-Wesley, so not many people know about it. If you're smart you'll be your own judge.

Re:Another source (1)

DeniseResoux (2012610) | more than 3 years ago | (#35436340)

Wiley did this book, not addison wesley

Re:Another source (1)

cjonslashdot (904508) | more than 3 years ago | (#35436450)

I thought you meant my book, Value-Driven IT.

Re:Another source (1)

flaming error (1041742) | more than 3 years ago | (#35438320)

No wonder Addison Wesley did such a lousy promotional job.

Re:Another source (1)

DeniseResoux (2012610) | more than 3 years ago | (#35439136)

not getting your point...how did they do a lousy job?

Bad Title (0)

Anonymous Coward | more than 3 years ago | (#35436972)

"The Art of Human Hacking"

Jack the Ripper and Jeffrey Dahmer would definitely be interested!

Neuro-linguistic programming? (1)

Fear the Clam (230933) | more than 3 years ago | (#35437180)

Oh, please. Save that bullshit for frat boys who think that saying "penetrating" often enough will get them laid.

Re:Neuro-linguistic programming? (1)

DeniseResoux (2012610) | more than 3 years ago | (#35437398)

who is this comment supposed to be directed to?

Re:Neuro-linguistic programming? (1)

Hatta (162192) | more than 3 years ago | (#35437540)

The book's author, I'd assume. NLP is referenced in the review, in the description of chapter 5.

And yes, NLP is complete and utter bunk.

Re:Neuro-linguistic programming? (1)

DeniseResoux (2012610) | more than 3 years ago | (#35437574)

>>>, NLP is complete and utter bunk

that is your view. others may differ.

Re:Neuro-linguistic programming? (0)

Anonymous Coward | more than 3 years ago | (#35438030)

and who r u 2 make such a comment?

Re:Neuro-linguistic programming? (0)

Anonymous Coward | more than 3 years ago | (#35441426)

Oh, please. Save that bullshit for frat boys who think that saying "penetrating" often enough will get them laid.

It's OK not to like NLP, we'll still accept you here. Why do you feel that NLP is so bad? What do you find wrong with it?
Would you agree that some people think NLP is quite useful in social engineering?

Great read (1)

samsonites101 (1689376) | more than 3 years ago | (#35437300)

Great book and great reference. It covers a wide range of topics and is very clear about each of them. Provides great example situations, real case studies, and ways to defend against SE attacks. Would recommend it to anyone!

Whole book in two sentences? And it's any good? (0)

Anonymous Coward | more than 3 years ago | (#35437496)

Dude if you can sum up the whole book by two sentences on p. 297, it kind of doesn't sound like it's worth buying.

Re:Whole book in two sentences? And it's any good? (1)

DeniseResoux (2012610) | more than 3 years ago | (#35437578)

that's why its called a spoiler :)

question (1)

Khashishi (775369) | more than 3 years ago | (#35438438)

Will this help me get root privileges on my sexy neighbor?

Re:question (0)

DeniseResoux (2012610) | more than 3 years ago | (#35439010)

u sick dog.

Re:question (0)

Anonymous Coward | more than 3 years ago | (#35440972)

yes. instantly.

Thanks for the quote (1)

Tigger's Pet (130655) | more than 3 years ago | (#35440418)

"tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable."

I guess I don't need to read the book now that he's said that sums up the entire book. It's a bit like telling me who died at the end of the last Harry Potter book (and no, I haven't read it)

Human Hacking!?!? (0)

Anonymous Coward | more than 3 years ago | (#35440712)

From the title I thought this discussion was going to be about Jeffery Dahmer.

Re:Human Hacking!?!? (0)

DeniseResoux (2012610) | more than 3 years ago | (#35441452)

What gave you that (sick) idea?

Nice Review (1)

pinkushun (1467193) | more than 3 years ago | (#35441656)

Well I enjoyed it. Curious about the book now.

Typo (1)

mekkab (133181) | more than 3 years ago | (#35442214)

"that is uses "

It looks like you were typing in the passive voice (initial sentence fragment was probably "that is used"), made a passive verb active to get rid of the passive voice in your writing (a noble goal!) but forgot to remove the 'is.'

Can someone fix that?

otherwise, it sounds quite interesting, though I wonder how far Hadnagy goes into NLP and if the book provides any examples in the context of social engineering. Most of those techniques need to be executed in person, and exposing your face can be a risk.
